What the Russia-Ukraine War Means for the Future of Cyber Conflict?

/ 2022, Highlights / By

Information

Time: 2022/9/13 02:00-04:00PM
Venue: IEAT International Conference Center Meeting 8F Room 2

Keynote Speaker:

14:05–14:45 Keynote #1. Internet Hacking Landscape in the Russia-Ukraine War by Representative from Microsoft

14:45–15:25 Keynote #2. The Weaponized Social Media in the Wartime

15:25–16:05 Keynote #3. The Future of the International Law after the Russia-Ukraine Cyber Conflict 

 

 Keynote #1. Internet Hacking Landscape in the Russia-Ukraine War by Ms. Chien-Min Yang from Microsoft CELA

Microsoft published an intelligence report, Defending Ukraine: Early Lessons from the Cyber War, this June. The report represents research conducted by Microsoft’s threat intelligence and data science teams with the goal of sharpening our understanding of the threat landscape in the ongoing war in Ukraine. Yang invited Fanta Orr and Judy Ng, both senior analysts in Microsoft and the main contributors to the report, to share Microsoft’s observations and findings through pre-recorded videos.  

Microsoft observed that cyberattacks have emerged before the Russian troops invaded Ukraine. The physical invasion has also been accompanied by cyberattacks ever since the war started. Orr and Ng shared several insights, including: government institutions were the most common target during the war; Russian government entities responsible for cyberattacks, including GRU; targeted phishing as one of the tactics. Most cyberattacks observed during the war were common tactics, which makes contribution difficult. Orr and Ng emphasized the importance of cyber hygiene for cyber defense.

Yang pointed out that nowadays, war happens on multiple fronts and in various forms. The report suggested that the government should collaborate with the industry in cyber defense and share intelligence. Microsoft helped the Ukrainian government migrate more than one hundred systems to the cloud to maintain the integrity of its services and data during the war. In the end, Yang emphasized the importance of collaboration among global multistakeholders.

 Keynote #2. The Weaponized Social Media in the Wartime by Chihhao Yu, IORG Co-director. Software engineer, information designer.

Yu defined ‘weaponize’ as information manipulation. Information manipulation includes manipulation of source, where sources were omitted or forged; manipulation of content, a.k.a. fake news; conspiracy theories that provoke emotional reactions are examples of manipulation of speculation. Yu used real examples in the Russian invasion to explain each kind of information manipulation while referencing similar scenarios in Taiwan, making it easy for the audience to understand the context.

Several themes are often found in the content manipulation: whitewash the invader, people desire peace, there is no war, demoralization, justify the invasion, and sow discords among supporters. Disinformation such as the war is self-orchestrated while framing Russia by Ukraine is an example of ‘there is no war.’ ‘Zelensky has fled’ is typical ‘demoralization,’ and ‘the Ukrainian government is poisoning its citizens’ is justifying the invasion. In the Taiwanese context, it would be something like ‘Taiwan is part of China.’

Yu proposed that we should use the Internet to make democracy more resilient, not otherwise. He also considered social media self-regulating content on their platforms as a positive first step. Stopping all kinds of information manipulation in the short term is impossible. However, Yu encouraged every citizen to help record the information. One of the simplest ways would be forward disinformation we receive via LINE to Cofacts. Cofacts is a chatbot supported by a fact-checking community composed of volunteers. The community discloses every piece of information they receive to allow further research and analytic works by other parties. The results are helpful not only for future strategy but also accountability. He also urged the public to support relevant research and all stakeholders, including governments, academics, and enterprises, to work together in their own capacity, minimizing the impact of social media weaponization.  

Keynote #3. The Future of the International Law after the Russia-Ukraine Cyber Conflict by Alice Yang, Ph.D Assistant Research Fellow, Institute for National Defense and Security Research

Dr. Yang analyzed the Russian invasion from international law and military perspectives, including the application of international law in cyber conflicts, non-state actors (tech companies), and the development of international law. In principle, international law prohibits any state from using force against the territorial integrity or political independence of any other state. While the interpretation of ‘use of force’ is often debatable, Russia’s invasion of Ukraine was recognized by most countries as breaking international law. On the other hand, applying international law in cyber conflicts is also controversial in the sense that most countries can only agree on the applicability but not how it applies. There are no clear metrics in terms of the harms, scale, and impact to define an armed conflict. Meanwhile, while hours long electricity outrage caused by cyberattacks might not qualify as an armed conflict, it could be argued that the harm inflicted was great enough to break international law.

Dr. Yang also noted that cyberattack was not the main form of arm in the Russian invasion in spite of public speculation. Traditional arm force was still the mainstream, and it was suspected that this could be the result of Ukraine’s familiarity with cyberattacks ever since the Crimean crisis in 2014. It has also been proven that cyberattacks are the most impactful in hybrid warfare. It is also worth noting that disinformation is rarely taken into account in the context of cyber warfare.

Dr. Yang illustrated different levels and aspects of tactics in cyberattacks. For example, overloading the enemy’s network, deliberately feeding false intel to the opposite side, and forcing the enemy to change their strategy. In terms of the Russian invasion, it was clear that Russia was not as organized as Ukraine, with the latter receiving help from the United States. Tech companies have played a significant role in the war with their continuing support of internet connection, data, and map services and encouraging users to collect evidence of war on the social media platform.

The non-state actors have contributed in ways most governments could not. Dr. Yang noted that the motive of private sector could vary from state governments. Although private sector is not in the scope of international law, actions of both state and private sector can influence the development of international law. It would be interesting to watch how the two different actors strategize and prioritize in the future.

Q&A 

Q1:Some people claim that cyber warfare will become more complex and destructive and that the Internet and social media will be further weaponized. What do the panelists think?

A1:Yu: The public discourse and democratic development will always be subject to manipulation, platforms, and the public. The current information environment is already highly complex, and we as the participants in this environment are able to improve it. More and more corporations and organizations are starting to pay attention and effort to these issues, and Yo believes we will develop better strategies in the future. He also noted that the problematic information environment is not the same as cyberattacks. 

Q2:Could Yang from Microsoft share the most common malware/cyberattacks in the Russian invasion?

A2:Yang: according to Microsoft’s report, the “wiper”malware designed to “wipe” computer hard disks and destroy all their data was the most commonly observed. Ransomware was also common. Spear phishing is phishing aiming at specific targets. Although traditional, it remains popular for its effectiveness. 

Q3:Authoritarian regimes can easily invade democracies. On the other hand, democracies can not invade or fight back for their democratic principle. This is obviously unfair. Does democracy need to evolve? If so, how?

A3:Dr. Yang: international law prohibits any state from using force against the territorial integrity or political independence of any other state. However, Russia has insisted on framing its action as a special military operation, never as ‘invasion’ or ‘war.’ As a lawyer herself, Dr. Yang considers protecting fairness in society despite the unfair environment her duty. Disinformation and political propaganda are not new; they are only worse due to social media. We will need to keep learning to improve our media literacy and defend ourselves.

俄烏戰爭對未來網路衝突的意涵

/ 2022, 講堂精彩回顧 / By

議程

14:00–14:05     活動介紹

14:05–15:45     專題演講一「俄烏戰爭下的網路駭侵樣貌與經驗學習 」
                            楊千旻 法務協理 (台灣微軟公司)
                            Fanta Orr, Senior Analyst, Customer Security and Trust, Microsoft Corporation
                            Judy Ng, Senior Analyst, Customer Security and Trust, Microsoft Corporation

14:45-15:25     專題演講二「俄烏衝突中被武器化的社群媒體 」
                           游知澔 共同主持人 (IORG 台灣資訊環境研究中心)

15:25-16:05     專題演講三「 俄烏網路衝突下的國際法發展可能 」
                           楊長蓉 博士(國防安全研究院國防戰略與資源研究所)

 

「僅播放講者同意公開內容」

專題演講

「俄烏戰爭下的網路駭侵樣貌與經驗學習」楊千旻 法務協理(台灣微軟公司) 

Fanta Orr, Senior Analyst, Customer Security and Trust, Microsoft Corporation

Judy Ng, Senior Analyst, Customer Security and Trust, Micosoft Corporation

微軟公司在今年6月22日發布了《Defending Ukraine: Early Lessons from the Cyber War》報告,在本場次演講當中,楊千旻法務協理也特別邀請到這份報告的主要撰寫者:Fanta Orr及Judy Ng兩位資深網路威脅分析師,透過預錄影片的方式,與聽眾分享微軟針對俄羅斯對烏克蘭實施網路攻擊的觀察與發現。

根據微軟的觀察,在兩國戰爭尚未開始的前幾個月,多項訴諸外交手段要求俄羅斯自邊境撤軍的嘗試失敗後,就已經開始出現網路攻擊活動,後續網攻也搭配著實體攻擊持續進行。兩位專家也分析了烏克蘭境內遭受攻擊的對象類型,其中又以政府機關最常受到攻擊;可能涉及支持駭侵活動的俄羅斯官方機構例如GRU等;攻擊的手法則是包括魚叉式網路釣魚(spear phishing)等。由於這些手法都相當常見,因此在歸因上也相對困難,專家亦特別強調網路衛生(cyber hygiene)對於網路防禦的重要性。

楊協理表示,現代戰爭型態逐漸多元化,除了網路攻擊會伴隨著實體衝突而來之外,在俄烏戰爭的案例中還發現,包括烏克蘭的同盟國家亦會被納入網攻範圍。因此,微軟建議政府及產業在網路防禦方面應當攜手合作,彼此交換情資。例如,微軟在這場戰役中便協助烏克蘭政府將一百多個系統搬移到雲端,維持政府相關服務與資料的完整性。演講最末,楊協理也再次強調全球多方利害關係人彼此合作的重要性。

【參考資料】

  1. Microsoft, Defending Ukraine: Early Lessons from the Cyber War:https://blogs.microsoft.com/on-the-issues/2022/06/22/defending-ukraine-early-lessons-from-the-cyber-war/
  2. Microsoft, The hybrid war in Ukraine:https://blogs.microsoft.com/on-the-issues/2022/04/27/hybrid-war-ukraine-russia-cyberattacks/
  3. Microsoft, Cyber threat activity in Ukraine: analysis and resources:https://msrc-blog.microsoft.com/tag/ukraine/
  4. Microsoft, Digital technology and the war in Ukraine:https://blogs.microsoft.com/on-the-issues/2022/02/28/ukraine-russia-digital-war-cyberattacks/
  5. Microsoft, Using cybersecurity to help manage volatility in the global threat landscape:https://www.microsoft.com/en-us/security/business/security-insider/threat-guidance/using-cybersecurity-to-help-manage-volatility-in-the-global-threat-landscape/
  6. Microsoft, 趨勢名人堂網路戰爭無國界,以俄烏網路戰為鏡提升全民資安防護意識:https://news.microsoft.com/zh-tw/features/cyber-warfare/
  7. Microsoft, Shields Up Technical Guidance:https://blogs.microsoft.com/on-the-issues/2022/06/22/defending-ukraine-early-lessons-from-the-cyber-war
  8. CISA, Russian State-Sponsored and Criminal Cyber Threats to Critical Infrastructure: https://www.cisa.gov/uscert/ncas/alerts/aa22-110a
  9. NCSC, UK government assess Russian involvement in DDoS attacks on Ukraine:https://www.ncsc.gov.uk/news/russia-ddos-involvement-in-ukraine
  10. Canada.ca, Joint cyber security advisory on Russian state-sponsored and criminal cyber threats to critical infrastructure:https://www.cyber.gc.ca/en/news-events/joint-cyber-security-advisory-russian-state-sponsored-and-criminal-cyber-threats-critical
  11. 數位時代, 網路戰爭無國界,以俄烏網路戰為鏡提升全民資安防護意識:https://www.bnext.com.tw/article/71389/hacker%EF%BC%8Dinformation-security-mstic

「俄烏衝突中被武器化的社群媒體」游知澔 共同主持人 (IORG 台灣資訊環境研究中心)簡報下載

   

游知澔共同主持人主要談論俄烏戰爭中社群媒體的被武器化,他認為所謂的武器化即是資訊操弄,而資訊操弄又可再細分為:來源、內容及推論操弄等。舉例而言,來源的操弄可能是沒有提供來源,或者假冒來源等;內容操弄即是我們熟悉的假新聞;推論操弄最明顯的例子,即是陰謀論這類不當引發情緒的內容。他在演講中將每一種樣態的資訊操弄都以俄烏戰爭中的實例說明,並對應到台灣的類似情境,使大眾更加容易理解這些資訊操弄的內涵。

游知澔進一步說明內容操作還可以再區分為:美化侵略者、人民要和平、沒有戰爭存在、打擊士氣、侵略正當性及分化支持等。例如:俄烏戰爭中出現誣賴烏克蘭自導自演並嫁禍俄羅斯的假訊息,即是屬於「沒有戰爭存在」的類型。而打擊士氣類型的案例如:烏克蘭總統澤倫斯基已逃跑等訊息。侵略正當性的案例如:烏克蘭政府在毒害民眾,套用在我國的情境,就是台灣為中國的一部分。

游知澔提出「使網際網路變成民主韌性助力,而非阻力」的論點,他認為社群平台等媒介對於平台內容的集體自律會是一個好的方向。他也進一步提及,雖然短期間內沒辦法斷絕所有的資訊操弄行為,但他鼓勵每一位公民都可以協助記錄,簡單的做法就是將LINE收到的假訊息直接轉傳給「Cofacts訊息回報機器人與查證協作社群」,該社群會公開所收到的轉傳資訊,讓相關團體可取得資訊並進一步分析內涵,以為後續應對策略訂定的參考,或許也可作為未來咎責之用。他也期許公眾可支持相關團體的研究工作,而每個利害關係方,包括政府、學校、企業等,亦可各自依其角色透過網路共同協力,使社群媒體被武器化的影響降至最低。

「俄烏網路衝突下的國際法發展可能」楊長蓉 博士(國防安全研究院國防戰略與資源研究所)簡報下載

   

楊長蓉博士主要從國際法及軍事的角度來分析俄烏網路衝突,包括國際法對應網路衝突的適用性,以及非國家行為者(如科技公司)與國際法的發展。楊博士首先說明有關國際法的基本概念是原則禁止武力使用,但針對何謂「武力使用」各界仍有爭議,惟這次的俄烏衝突認定為違法行為較無爭議。此外,網路衝突的國際法適用亦有爭議,即便大多數國家都認同可利用國際法來處理,只是適用上仍有相當大的討論空間。例如,到達何種程度的損害、規模與效果才能算是武力衝突?網攻造成短暫斷電數小時的情況或許不構成武力衝突,但是要到何種程度才能稱之為違反國際法?楊博士也特別提到,這次俄烏戰爭中網路戰並未如大家所判斷的扮演關鍵角色,反而還是以傳統作戰為主,可能的原因為烏克蘭自2014年克里米亞戰爭後,已習慣於俄羅斯的網攻。事實也證明,網路戰能夠發揮最好作用就是透過混合戰進行,例如:加入無人機、武器攻擊等。她也提醒聽眾,通常在談網路戰爭武裝衝突時,並不會考量假訊息。

楊博士還提到戰術對網路攻擊的實用性,因為大量的攻擊可以讓敵對政府應接不暇;在作戰層次,則要讓敵對方的資訊取得錯誤情報,使其難以判斷。戰略上的優勢則是指,對方會因此改變策略。俄烏戰爭中,俄國顯然欠缺計畫及整合,相較於此,烏克蘭在獲得美國協助的情況下,做出較佳的應對規劃。此外,在俄烏戰爭中,科技業者也發揮了重要功能,例如:提供持續連網、資料備份等服務、地圖服務觀察軍隊移動路徑、社群平台邀請大家蒐集戰爭證據等,但同時也要留意這類訊息公開行為或許可能煽動更多極端行為或言論。

最後,楊博士也提到,這些非國家行為者做到了許多政府無能為力處理的工作,不過因為國際法僅可規範政府,針對私部門的行為,需回歸到國內法處理。此外,私部門採取行動的驅動力也可能是企業利益,此與政府的出發點不同;因政府與企業的行為都會影響國際法發展,這兩種群體在各自目標不同的情況下,其戰略性與優先性的選擇判斷,都是未來可以持續探討的議題。

提問與回應

1.    有人認為未來網路戰會更為複雜與具破壞性,而網際網路與社群媒體也將被武器化,請問專家的看法?

游知澔共同主持人:不論是有心的操弄、平台的機制,或是群眾的特性,都會影響到公共討論與民主進程的發展,目前的資訊環境已相當複雜,我們每個人都是資訊環境的參與者,也都有能力讓民主機制或資訊環境變得更好,現在已有越來越多企業或組織開始投入關心這些議題,相信未來也會出現更具戰略性的做法。資訊環境的問題與傳統的網路攻擊應當有所區隔,不能混為一談,但兩者之間還是有可能存在關聯性。

2.    請問微軟的楊協理,在俄烏戰爭中哪些惡意軟體攻擊方式最常見?

楊千旻法務協理:在微軟這次的報告中,觀察到最多的是Wiper惡意刪除軟體攻擊,大約占60%,其他則包括偷竊或是勒索病毒。如同前面演講中所提到的,spear phishing可針對特定對象進行網路釣魚,雖然攻擊手法相當傳統,但目前看來仍是最容易達到效果的植入病毒方式。

3.    極權可以隨意侵略民主環境,但民主卻由於原則的關係,無法禁止侵略或是反擊。這明顯屬於不公平狀態,請問民主是否需要進化?如何進化?

楊長蓉博士:國際法明確禁止侵略行為,然而俄羅斯從未主張其攻擊鳥克蘭的行為屬於侵略,甚至從未宣戰,而是採取「特殊軍事行動」(special military operation),身為法律人可以做的,就是在這個不公平的環境下儘量去維持社會的公平。假訊息及政治宣傳的問題長期以來一直都存在,只是透過社群媒體更加助長,因此我們也要持續學習進化,提升自己的資訊判讀能力。